Package net.shibboleth.idp.authn

Interface CredentialValidator

All Superinterfaces:

Component, IdentifiableComponent, IdentifiedComponent

All Known Implementing Classes:

AbstractCredentialValidator, AbstractUsernamePasswordCredentialValidator, HTPasswdCredentialValidator, JAASCredentialValidator, KerberosCredentialValidator, LDAPCredentialValidator, X509CertificateCredentialValidator

@ThreadSafe
public interface CredentialValidator
extends IdentifiableComponent

High-level API for validating credentials and producing a Java Subject as a result.

This is more or less what JAAS does but with a simpler interface adapted better to the IdP's needs. Predominantly for password validation scenarios but the interface is not specific to that use case.

Instances of this interface must be stateless.

Since:

4.0.0

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	CredentialValidator.ErrorHandler	Interface to use to report errors to the caller.
static interface	CredentialValidator.WarningHandler	Interface to use to report warnings to the caller.

Method Summary

Modifier and Type	Method	Description
Subject	validate(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, CredentialValidator.WarningHandler warningHandler, CredentialValidator.ErrorHandler errorHandler)	Validate any credentials found in a supported form within the input context tree and produce a Subject as the outcome.

Methods inherited from interface net.shibboleth.shared.component.IdentifiableComponent

setId

Methods inherited from interface net.shibboleth.shared.component.IdentifiedComponent

getId

Method Details

validate

@Nullable
Subject validate(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 AuthenticationContext authenticationContext,
 @Nullable
 CredentialValidator.WarningHandler warningHandler,
 @Nullable
 CredentialValidator.ErrorHandler errorHandler)
          throws Exception

Validate any credentials found in a supported form within the input context tree and produce a Subject as the outcome.

A null result is used to signal that validation was not attempted.

Parameters:

profileRequestContext - profile request context

authenticationContext - authentication context

warningHandler - optional warning handler interface

errorHandler - optional error handler interface

Returns:

result of a successful validation, or null

Throws:

Exception - when validation is unsuccessful due to a failed attempt